public ObjectResponse<NonPersonalizedEncryptedPayloadModel> encrypt(byte[] originalData) throws GenericCryptoException, CryptoProviderException, InvalidKeyException { if (originalData == null) { return null; } NonPersonalizedEncryptedMessage message = encryptor.encrypt(originalData); if (message == null) { // this will happen only in case of an unlikely randomness error, or if keys are corrupted return null; } NonPersonalizedEncryptedPayloadModel responseObject = new NonPersonalizedEncryptedPayloadModel(); responseObject.setApplicationKey(BaseEncoding.base64().encode(message.getApplicationKey())); responseObject.setEphemeralPublicKey(BaseEncoding.base64().encode(message.getEphemeralPublicKey())); responseObject.setSessionIndex(BaseEncoding.base64().encode(message.getSessionIndex())); responseObject.setAdHocIndex(BaseEncoding.base64().encode(message.getAdHocIndex())); responseObject.setMacIndex(BaseEncoding.base64().encode(message.getMacIndex())); responseObject.setNonce(BaseEncoding.base64().encode(message.getNonce())); responseObject.setMac(BaseEncoding.base64().encode(message.getMac())); responseObject.setEncryptedData(BaseEncoding.base64().encode(message.getEncryptedData())); return new ObjectResponse<>(responseObject); }
/** * Decrypt the encrypted message from the message payload using this encryptor. * @param message Message object to be decrypted. * @return Original decrypted bytes. * @throws InvalidKeyException In case decryption key is invalid. * @throws GenericCryptoException In case decryption fails. * @throws CryptoProviderException In case cryptography provider is incorrectly initialized. */ public byte[] decrypt(NonPersonalizedEncryptedMessage message) throws InvalidKeyException, GenericCryptoException, CryptoProviderException { byte[] adHocIndex = message.getAdHocIndex(); byte[] macIndex = message.getMacIndex(); // make sure the indexes are different if (Arrays.equals(adHocIndex, macIndex)) { throw new GenericCryptoException("Invalid index"); } byte[] nonce = message.getNonce(); SecretKey sessionKey = keyConversion.convertBytesToSharedSecretKey(this.sessionRelatedSecretKey); SecretKey encryptionKey = generator.deriveSecretKeyHmac(sessionKey, adHocIndex); SecretKey macKey = generator.deriveSecretKeyHmac(sessionKey, macIndex); byte[] encryptedData = message.getEncryptedData(); byte[] macExpected = hmac.hash(macKey, encryptedData); byte[] mac = message.getMac(); // make sure the macs are the same if (!Arrays.equals(mac, macExpected)) { throw new GenericCryptoException("Invalid mac"); } return aes.decrypt(encryptedData, nonce, encryptionKey); }
/** * Decrypt the encrypted message from the message payload using this encryptor. * @param message Message object to be decrypted. * @return Original decrypted bytes. * @throws InvalidKeyException In case decryption key is invalid. * @throws GenericCryptoException In case decryption fails. * @throws CryptoProviderException In case cryptography provider is incorrectly initialized. */ public byte[] decrypt(NonPersonalizedEncryptedMessage message) throws InvalidKeyException, GenericCryptoException, CryptoProviderException { byte[] adHocIndex = message.getAdHocIndex(); byte[] macIndex = message.getMacIndex(); // make sure the indexes are different if (Arrays.equals(adHocIndex, macIndex)) { throw new GenericCryptoException("Invalid index"); } byte[] nonce = message.getNonce(); SecretKey sessionKey = keyConversion.convertBytesToSharedSecretKey(this.sessionRelatedSecretKey); SecretKey encryptionKey = generator.deriveSecretKeyHmac(sessionKey, adHocIndex); SecretKey macKey = generator.deriveSecretKeyHmac(sessionKey, macIndex); byte[] encryptedData = message.getEncryptedData(); byte[] macExpected = hmac.hash(macKey, encryptedData); byte[] mac = message.getMac(); // make sure the macs are the same if (!Arrays.equals(mac, macExpected)) { throw new GenericCryptoException("Invalid mac"); } return aes.decrypt(encryptedData, nonce, encryptionKey); }